
Thread: Connection refused = no mail delivered locally with lmtp

  1. #1
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default Connection refused = no mail delivered locally with lmtp

    I am currently beta-testing a Zimbra setup for our company and have things set up like this:

    Zimbra is preferred MX in DNS but has port 25 blocked for everyone else except the zimbraserver and my office IP.
    I have setup all the existing users as forward users with the zimbraMailTransport setting as detailed in the Split Domain Wiki document. For what it's worth this part of the setup works fine.

    As a test before starting the proper migration (with opening SMTP port on the Zimbra server and letting it be the master in the setup) I altered my own account (denis@mydomain.com) setting zimbraMailTransport = lmtp:zimbraserver.mydomain.com

    I then sent a few test messages to myself via the zimbraserver SMTP, but these consistently fail delivery with the ominous "connection refused zimbraserver.mydomain.com" message.

    I have opened all the ports the server is listening to like this:
    Code:
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:7025
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:ldap
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:10024
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:10025
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:7306
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:7307
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:3310
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:7780
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:8005
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:7025
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:ldap
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:10024
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:10025
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:7306
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:7307
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:3310
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:7780
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:8005
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7071
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ldaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:99
    I checked connecting with telnet to ports 25, 10025 and 7025 from the server and this works fine.

    I then tailed the /var/log/zimbra.log and I find this when requeuing the messages :

    Code:
    Apr 28 11:36:09 ms1 postfix/postsuper[5988]: Requeued: 2 messages
    Apr 28 11:36:09 ms1 postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.9/conf/main.cf
    Apr 28 11:36:09 ms1 postfix/postfix-script: starting the Postfix mail system
    Apr 28 11:36:09 ms1 postfix/master[6038]: daemon started -- version 2.2.9, configuration /opt/zimbra/postfix-2.2.9/conf
    Apr 28 11:36:09 ms1 postfix/pickup[6046]: 6EFEA4C881: uid=502 from=<Administrator@oter.intra> orig_id=689E74C883
    Apr 28 11:36:09 ms1 postfix/cleanup[6050]: 6EFEA4C881: message-id=<000001c66a78$4457eab0$0500000a@intra>
    Apr 28 11:36:09 ms1 postfix/qmgr[6047]: 6EFEA4C881: from=<Administrator@oter.intra>, size=61826, nrcpt=1 (queue active)
    Apr 28 11:36:09 ms1 postfix/pickup[6046]: 744824C882: uid=502 from=<denis@mydomain.com> orig_id=046124C886
    Apr 28 11:36:09 ms1 postfix/cleanup[6050]: 744824C882: message-id=<4450AC33.7040403@mydomain.com>
    Apr 28 11:36:09 ms1 amavis[3747]: (03747-01) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20060428T113609-03747: <Administrator@oter.intra> -> <denis@mydomain.com> Received: SIZE=61826 from zimbraserver.mydomain.com ([127.0.0.1]) by localhost (zimbraserver.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03747-01 for <denis@mydomain.com>; Fri, 28 Apr 2006 11:36:09 +0200 (CEST)
    Apr 28 11:36:09 ms1 postfix/qmgr[6047]: 744824C882: from=<denis@mydomain.com>, size=213996, nrcpt=1 (queue active)
    Apr 28 11:36:09 ms1 zimbramon[2865]: 2865:info: Starting snmp
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20060428T113609-03748: <denis@mydomain.com> -> <denis@mydomain.com> Received: SIZE=213996 from zimbraserver.mydomain.com ([127.0.0.1]) by localhost (zimbraserver.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03748-01 for <denis@mydomain.com>; Fri, 28 Apr 2006 11:36:09 +0200 (CEST)
    Apr 28 11:36:09 ms1 amavis[3747]: (03747-01) Checking: WMTyU+PB-tpe [127.0.0.1] <Administrator@oter.intra> -> <denis@mydomain.com>
    Apr 28 11:36:09 ms1 zimbramon[2865]: 2865:info: Starting spell
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) Checking: UV-f93YUnLVr [127.0.0.1] <denis@mydomain.com> -> <denis@mydomain.com>
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) spam_scan: not wasting time on SA, message longer than 65536 bytes: 4920+206025
    Apr 28 11:36:09 ms1 postfix/smtpd[6123]: initializing the server-side TLS engine
    Apr 28 11:36:09 ms1 postfix/smtpd[6123]: connect from localhost.localdomain[127.0.0.1]
    Apr 28 11:36:09 ms1 postfix/smtpd[6123]: D888C4C883: client=localhost.localdomain[127.0.0.1]
    Apr 28 11:36:09 ms1 postfix/cleanup[6066]: D888C4C883: message-id=<4450AC33.7040403@mydomain.com>
    Apr 28 11:36:09 ms1 postfix/qmgr[6047]: D888C4C883: from=<denis@mydomain.com>, size=214432, nrcpt=1 (queue active)
    Apr 28 11:36:09 ms1 postfix/smtpd[6123]: disconnect from localhost.localdomain[127.0.0.1]
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) FWD via SMTP: <denis@mydomain.com> -> <denis@mydomain.com>, 250 2.6.0 Ok, id=03748-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as D888C4C883
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) Passed CLEAN, LOCAL [127.0.0.1] [195.159.43.66] <denis@mydomain.com> -> <denis@mydomain.com>, Message-ID: <4450AC33.7040403@mydomain.com>, mail_id: UV-f93YUnLVr, Hits: -, 397 ms
    Apr 28 11:36:09 ms1 postfix/smtp[6086]: 744824C882: to=<denis@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=-736, status=sent (250 2.6.0 Ok, id=03748-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as D888C4C883)
    Apr 28 11:36:09 ms1 postfix/qmgr[6047]: 744824C882: removed
    Apr 28 11:36:09 ms1 amavis[3748]: (03748-01) extra modules loaded: Net/LDAP/Bind.pm
    Apr 28 11:36:09 ms1 postfix/lmtp[6129]: D888C4C883: to=<denis@mydomain.com>, relay=none, delay=0, status=deferred (connect to zimbraserver.mydomain.com[192.168.192.168]: Connection refused)
    Apr 28 11:36:10 ms1 postfix/smtpd[6123]: connect from localhost.localdomain[127.0.0.1]
    Apr 28 11:36:10 ms1 postfix/smtpd[6123]: B0E8E4C882: client=localhost.localdomain[127.0.0.1]
    Apr 28 11:36:10 ms1 postfix/cleanup[6050]: B0E8E4C882: message-id=<000001c66a78$4457eab0$0500000a@intra>
    Apr 28 11:36:10 ms1 postfix/qmgr[6047]: B0E8E4C882: from=<Administrator@oter.intra>, size=62757, nrcpt=1 (queue active)
    Apr 28 11:36:10 ms1 postfix/smtpd[6123]: disconnect from localhost.localdomain[127.0.0.1]
    Apr 28 11:36:10 ms1 amavis[3747]: (03747-01) FWD via SMTP: <Administrator@oter.intra> -> <denis@mydomain.com>, 250 2.6.0 Ok, id=03747-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as B0E8E4C882
    Apr 28 11:36:10 ms1 postfix/lmtp[6129]: B0E8E4C882: to=<denis@mydomain.com>, relay=none, delay=0, status=deferred (connect to zimbraserver.mydomain.com[192.168.192.168]: Connection refused)
    Apr 28 11:36:10 ms1 amavis[3747]: (03747-01) Passed CLEAN, LOCAL [127.0.0.1] [195.159.43.66] <Administrator@oter.intra> -> <denis@mydomain.com>, Message-ID: <000001c66a78$4457eab0$0500000a@intra>, mail_id: WMTyU+PB-tpe, Hits: 1.205, 1286 ms
    Apr 28 11:36:10 ms1 postfix/smtp[6065]: 6EFEA4C881: to=<denis@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=-735, status=sent (250 2.6.0 Ok, id=03747-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as B0E8E4C882)
    Apr 28 11:36:10 ms1 postfix/qmgr[6047]: 6EFEA4C881: removed
    Apr 28 11:36:10 ms1 amavis[3747]: (03747-01) extra modules loaded: Net/LDAP/Bind.pm
    Note: the 192.168.192.168 address is not the real address I use.

    I am a bit puzzled by this, is there a port I didn't open, something I have overlooked? This log snippet was after I altered the server's /etc/hosts file adding:
    Code:
    127.0.0.1 localhost localhost.localdomain zimbraserver zimbraserver.mydomain.com
    But even without this (and the server has a correct IP in DNS) it produces the exact same problem and messages.

    Any help or insight into what could be wrong would be highly appreciated!

    Regards
    Last edited by denisb; 04-28-2006 at 03:25 AM.

  2. #2
    cutigersfan is offline Active Member
    Join Date
    Apr 2006
    Posts
    49
    Rep Power
    9

    Default

    In the admin console, try unchecking the "Use DNS" box on the MTA tab. I had some success with this.

  3. #3
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default

    Thanks for the suggestion, changing this alters the error message from "connection refused ms1.startsiden.no" to "connection refused 127.0.0.1".

    There seems to be some port or some setting preventing the lmtp delivery from working properly? I have checked the zmcontrol status and all services are running properly.

    Additional info is a listing of netstat -i :
    Code:
    tcp        0      0 *:ldap                      *:*                         LISTEN
    tcp        0      0 localhost.localdomain:10024 *:*                         LISTEN
    tcp        0      0 localhost.localdomain:10025 *:*                         LISTEN
    tcp        0      0 localhost.localdomain:7306  *:*                         LISTEN
    tcp        0      0 localhost.localdomain:7307  *:*                         LISTEN
    tcp        0      0 *:3310                      *:*                         LISTEN
    tcp        0      0 *:smtp                      *:*                         LISTEN
    tcp        0      0 *:ldaps                     *:*                         LISTEN
    tcp        0      0 *:imaps                     *:*                         LISTEN
    tcp        0      0 *:pop3s                     *:*                         LISTEN
    tcp        0      0 *:7780                      *:*                         LISTEN
    tcp        0      0 localhost.localdomain:8005  *:*                         LISTEN
    tcp        0      0 *:pop3                      *:*                         LISTEN
    tcp        0      0 *:imap                      *:*                         LISTEN
    tcp        0      0 *:http                      *:*                         LISTEN
    tcp        0      0 *:7025                      *:*                         LISTEN
    tcp        0      0 *:ssh                       *:*                         LISTEN
    tcp        0      0 *:7071                      *:*                         LISTEN
    udp        0      0 *:34645                     *:*
    udp        0      0 *:34646                     *:*
    Also, I did check with telnet that ports 10025 7025 and 25 are all actually available from the box. They do answer and seem to work as far as I can see.
    Last edited by denisb; 04-28-2006 at 06:59 AM.

  4. #4
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Try adding a 7025 anywhere/anywhere rule.

    Code:
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7025
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default

    Kevin; thanks for your help, but this did not do anything. Still "connection refused".

    Is there any place I can turn on more debugging info in the logs or anything?

  6. #6
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default

    From the previous netstat -l :
    Code:
    tcp        0      0 localhost.localdomain:10024 *:*                         LISTEN
    tcp        0      0 localhost.localdomain:10025 *:*                         LISTEN
    tcp        0      0 localhost.localdomain:7306  *:*                         LISTEN
    tcp        0      0 localhost.localdomain:7307  *:*                         LISTEN
    Is this correct? Should the 10025 only bind to localhost ?
    Port 7025 is reachable both on the localhost and the public address, tested with telnet.

    I am a bit desperate to fix this issue as my progress with the new mailserver rollout is halted completely now. Any help would be extremely valuable.
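
Added example, not part of any post in this thread: a check that works out which host and port an `lmtp:` value of `zimbraMailTransport` (as quoted in the first post) points at, and compares it with the `netstat` listing posted above, including whether a listener bound only to localhost would cover the destination. It assumes Postfix's documented default `lmtp_tcp_port` of 24 when the transport names no port; the function names and the service-name table are illustrative.

```python
import re

# Assumption: Postfix's LMTP client falls back to lmtp_tcp_port (default 24)
# when the transport nexthop names no port.
DEFAULT_LMTP_PORT = 24
# Service names as netstat prints them without -n (standard port assignments).
SERVICES = {"ssh": 22, "smtp": 25, "http": 80, "pop3": 110, "imap": 143,
            "ldap": 389, "ldaps": 636, "imaps": 993, "pop3s": 995}
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1"}

# Lines copied from the netstat listing posted in the thread.
NETSTAT = """\
tcp        0      0 localhost.localdomain:10025 *:*                         LISTEN
tcp        0      0 *:smtp                      *:*                         LISTEN
tcp        0      0 *:7025                      *:*                         LISTEN
"""

def to_port(token):
    """Numeric port for a netstat/transport token such as '7025' or 'smtp'."""
    return int(token) if token.isdigit() else SERVICES[token]

def lmtp_target(transport):
    """(host, port) an 'lmtp:' transport value points at; None for unix sockets."""
    scheme, _, nexthop = transport.partition(":")
    if scheme != "lmtp":
        raise ValueError("not an lmtp transport: %r" % transport)
    if nexthop.startswith("unix:"):
        return None
    if nexthop.startswith("inet:"):
        nexthop = nexthop[len("inet:"):]
    # host, [host] or [ipv4], optionally followed by :port (IPv6 not handled)
    m = re.fullmatch(r"\[?([^\]:]+)\]?(?::(\w+))?", nexthop)
    if not m:
        raise ValueError("cannot parse nexthop: %r" % nexthop)
    host, port = m.groups()
    return host, (to_port(port) if port else DEFAULT_LMTP_PORT)

def parse_listeners(text):
    """[(bind_address, port)] for every TCP socket in LISTEN state."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if port.isdigit() or port in SERVICES:
                out.append((addr, to_port(port)))
    return out

def listeners_for(listeners, port, dest_is_loopback):
    """Bind addresses that would accept a connection to this port."""
    return [a for a, p in listeners
            if p == port and (a in ("*", "0.0.0.0")
                              or (dest_is_loopback and a in LOOPBACK))]

if __name__ == "__main__":
    socks = parse_listeners(NETSTAT)
    for value in ("lmtp:zimbraserver.mydomain.com",
                  "lmtp:zimbraserver.mydomain.com:7025"):
        host, port = lmtp_target(value)
        hits = listeners_for(socks, port, host in LOOPBACK)
        print(value, "-> port", port, "listener:", hits or "none (refused)")
```
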

  7. #7
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default

    Quote Originally Posted by cutigersfan
    In the admin console, try unchecking the "Use DNS" box on the MTA tab. I had some success with this.
    Just to let anyone reading this know that unchecking this box borked external mail delivery (to other SMTP servers) pretty much completely. I am not sure what this setting is for, but if you plan to use the server as a relayhost for internet mail, don't uncheck this box.

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Assuming that your DNS is correct, have you got any firewall or SELinux that might be blocking this server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    denisb is offline Active Member
    Join Date
    Apr 2006
    Posts
    33
    Rep Power
    9

    Default

    No central firewall, the only thing would be the iptables setup which I outlined above.

    I also (to debug) moved all the iptables rules covering the Zimbra internal ports to accept any source address, so the current ruleset is like this:

    Code:
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere            icmp any
    ACCEPT     ipv6-crypt--  anywhere             anywhere
    ACCEPT     ipv6-auth--  anywhere             anywhere
    ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     tcp  --  office.mycompany.com anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7025
    ACCEPT     tcp  --  zimbraserver.mydomain.com    anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  localhost.localdomain  anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7025
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ldap
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:10024
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:10025
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7306
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7307
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:3310
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7780
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:8005
    REJECT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp reject-with icmp-port-unreachable
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:7071
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ldaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:99
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    And as I said, I tried telnet to the relevant ports, both on the public and localhost addresses. It works.

    SELinux is set to :
    SELINUX=permissive
    SELINUXTYPE=targeted

    Which should mean (AFAIK) that it never "blocks" anything, only warns.

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Yes, those settings are supposed to be 'warn' and not interfere with things, but have you tried with SELinux disabled - just to see if it is the problem?

    Just an additional question on the hosts file you have at the beginning of this thread, why don't you have an entry for the IP address (in addition to 127.0.0.1) & FQDN of your zimbra server? I was under the impression it was necessary.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
